ZONE Transfer to BIND 8/9

[Jerome Schnitzler]

----- Original Message -----
From: "Kevin D. Goodknecht [MVP]" <[email protected]>
Newsgroups: microsoft.public.win2000.dns
Sent: Tuesday, November 25, 2003 2:54 AM
Subject: Re: ZONE Transfer to BIND 8/9

In

If IPSec is set to "require" security For all IP traffic, it will always
require security using Kerberos trust and will NOT allow unsecured
communication with untrusted clients.
Try changing it to request security if you must have IPSec to the internet.
So for as worrying about worms since this server is connected directly to
the internet use a good firewall and do not allow it to be used as a
workstation. Any one using this server as a workstation, if they do execute
a virus or worm that nasty little bug has the same rights as the user. Never
browse the internet from this machine. If you have an internal network using
this as a gateway I would highly recommend using a Proxy server that scans
the data stream. There are good ones that are very reasonably priced such as
Wingate and Winroute that do a very good job of protecting your internal
network. Most will give you a thirty day trial.
Is TCP/IP filtering turned on?
Do you have any ports open above 1024?
TCP/IP filtering on the interface closes both incoming and outgoing ports it
does not allow for port redirection for outgoing connections. Instead of the
filtering on the interface get a firewall or use packet filtering in RRAS.

I know that ... this is a server only system ... my problem is ... that I
opened port 53 for all connections and security is turned off. Still this
port is filtered. Is there an option in the local security ruleset which
might still switched on?

 

[Ace Fekay [MVP]]

----- Original Message -----
From: "Kevin D. Goodknecht [MVP]" <[email protected]>
Newsgroups: microsoft.public.win2000.dns
Sent: Tuesday, November 25, 2003 2:54 AM
Subject: Re: ZONE Transfer to BIND 8/9

such ports

I know that ... this is a server only system ... my problem is ... that I
opened port 53 for all connections and security is turned off. Still this
port is filtered. Is there an option in the local security ruleset which
might still switched on?

Run ipsecmon to ensure that the ipsec policy is not active. You can even
stop the ipsec service to ensure this. Otherwise, no need to say, that
*obviously* something is filtering it. Zone alarm, blackice, or some other
personal firewall?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jerome Schnitzler]

"Ace Fekay [MVP]"

Run ipsecmon to ensure that the ipsec policy is not active. You can even
stop the ipsec service to ensure this. Otherwise, no need to say, that
*obviously* something is filtering it. Zone alarm, blackice, or some other
personal firewall?

No. No other firewall ... also asked my ISP ... direct connection ... that
can't be the mistake.

 

[Ace Fekay [MVP]]

In

"Ace Fekay [MVP]"


No. No other firewall ... also asked my ISP ... direct connection ...
that can't be the mistake.

Sorry, I'm at my wits end on this one. Still believe something is blocking
it if you are getting a "filtered" state.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kenneth Porter]

Normal DNS queries were possible, but when I tried a Transfer
the sever was unreachable.

Queries usually use UDP while transfers usually use TCP (because the size
of the response is too big for the UDP packet). So it sounds like UDP 53 is
open but TCP 53 is closed.